GSLB with CSS behind a firewall

Unanswered Question
Mar 11th, 2007

Hi all

I have my CSS's located behind firewalls on a private subnet. The firewall is performing NAT for external translations to my VIPs. I am implementing GSLB for failover and want to know if it is possible to do this with this configuration or if I need to have the VIP's configured with public IP addresses. How will the CSS present the DNS responses if the CSS in behind a firewall?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Gilles Dufour Mon, 03/12/2007 - 01:29

your firewall must do dns fixup in order to translate the dns response.

The CSS will respond with the private address.

All Cisco firewalls come with the nat fixup function.



This Discussion